Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-aj7d-6vcp-7yey
Vulnerability ID VCID-aj7d-6vcp-7yey
Aliases CVE-2025-9714
Summary libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
Status Published
Exploitability 0.5
Weighted Severity 5.6
Risk 2.8
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-606 Unchecked Input for Loop Condition
CWE-674 Uncontrolled Recursion
System Score Found at
cvssv3 6.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2025-9714
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.2 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
ssvc Track https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json
https://api.first.org/data/v1/epss?cve=CVE-2025-9714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2392605 https://bugzilla.redhat.com/show_bug.cgi?id=2392605
677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
RHSA-2025:22162 https://access.redhat.com/errata/RHSA-2025:22162
RHSA-2025:22163 https://access.redhat.com/errata/RHSA-2025:22163
RHSA-2025:22177 https://access.redhat.com/errata/RHSA-2025:22177
RHSA-2025:22376 https://access.redhat.com/errata/RHSA-2025:22376
RHSA-2025:22377 https://access.redhat.com/errata/RHSA-2025:22377
RHSA-2025:22868 https://access.redhat.com/errata/RHSA-2025:22868
RHSA-2025:23202 https://access.redhat.com/errata/RHSA-2025:23202
RHSA-2025:23204 https://access.redhat.com/errata/RHSA-2025:23204
RHSA-2025:23205 https://access.redhat.com/errata/RHSA-2025:23205
RHSA-2025:23209 https://access.redhat.com/errata/RHSA-2025:23209
RHSA-2025:23227 https://access.redhat.com/errata/RHSA-2025:23227
RHSA-2025:23234 https://access.redhat.com/errata/RHSA-2025:23234
RHSA-2025:23449 https://access.redhat.com/errata/RHSA-2025:23449
RHSA-2026:0414 https://access.redhat.com/errata/RHSA-2026:0414
RHSA-2026:0677 https://access.redhat.com/errata/RHSA-2026:0677
RHSA-2026:0702 https://access.redhat.com/errata/RHSA-2026:0702
RHSA-2026:0978 https://access.redhat.com/errata/RHSA-2026:0978
RHSA-2026:0980 https://access.redhat.com/errata/RHSA-2026:0980
RHSA-2026:0985 https://access.redhat.com/errata/RHSA-2026:0985
RHSA-2026:0996 https://access.redhat.com/errata/RHSA-2026:0996
RHSA-2026:11349 https://access.redhat.com/errata/RHSA-2026:11349
RHSA-2026:14832 https://access.redhat.com/errata/RHSA-2026:14832
RHSA-2026:14858 https://access.redhat.com/errata/RHSA-2026:14858
RHSA-2026:1539 https://access.redhat.com/errata/RHSA-2026:1539
RHSA-2026:1541 https://access.redhat.com/errata/RHSA-2026:1541
RHSA-2026:15967 https://access.redhat.com/errata/RHSA-2026:15967
RHSA-2026:1652 https://access.redhat.com/errata/RHSA-2026:1652
RHSA-2026:21695 https://access.redhat.com/errata/RHSA-2026:21695
RHSA-2026:22420 https://access.redhat.com/errata/RHSA-2026:22420
RHSA-2026:3461 https://access.redhat.com/errata/RHSA-2026:3461
RHSA-2026:3462 https://access.redhat.com/errata/RHSA-2026:3462
RHSA-2026:7519 https://access.redhat.com/errata/RHSA-2026:7519
USN-7743-1 https://usn.ubuntu.com/7743-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:46:42Z/ Found at https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
Exploit Prediction Scoring System (EPSS)
Percentile 0.01354
EPSS Score 0.00011
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:40:32.612146+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json 38.6.0